Tom Gilheany

BSidesSF BSidesSF 2026 will be held March 21-22! The Call for Participation (CFP) is now open! We are now accepting submissions for presentations, workshops, and other sessions for BSidesSF ...

#BSidesSF #BSides BSidesSF 2026 call for Participation is open! If you're interested in being a presenter at BSidesSF (and for a possible chance at presenting on the big IMAX screen!), gather your co-presenters and your best security ideas! bsidessf.org

Are you a Product Professional or Startup Founder whose org. is always in Firefighting Mode? Join us online next Wed. in welcoming Lynne Levy - hear the secrets of "Leadership & Influence When Everything's On Fire". #productmanager #FOUNDER svpma.org/events/month...

📢 Marks & Spencer’s ransomware nightmare – more details emerge
https://www.bitdefender.com/en-us/blog/hotforsecurity/marks-spencers-ransomware-nightmare-more-details-emerge

OpenAI takes down covert operations tied to China and other countries The company said China and other nations are covertly trying to use chatbots to influence opinion around the world. In one case, operatives also used the tools to write internal performance reports.

www.npr.org/2025/06/05/n...

Looking forward to hearing from Jen Easterly & Chris Krebs at #RSAC2025 #RSAC shortly!

Live streams from the BSides San Francisco 2025 security conference, which are taking place over the weekend, are available on YouTube

www.youtube.com/@BSidesSF/st...

Radio check before the second day of setup for #BSidesSF! All charged and ready! #CyberSecurity #RSAC #infosec

1. Unencrypted Data Transmission
2. Hardcoded Encryption Keys
3. Insecure Data Storage (including Username, password & encryption keys).
...
Basic software and application security minimum requirements!
#AI #GenAI #DeepSeek #Cybersecurity #OWASP #AppSec

www.nowsecure.com/blog/2025/02...

Proposed HIPPA Updates: www.hhs.gov/hipaa/for-pr... #HIPPA #Cybersecurity

FTC orders Marriott and Starwood to boost cybersecurity following major incidents Firms told they failed to implement ‘reasonable data security’

FTC orders #Marriott and #Starwood to boost #cybersecurity following major incidents
www.techradar.com/pr...

Airline hit by a cyberattack, delaying flights during the year-end holiday season Japan Airlines has been hit by a cyberattack that caused delays to more than 20 domestic flights, but it managed to restore its systems within hours.

Japan Airlines said it was hit by a cyberattack, causing delays to more than 20 domestic flights but the carrier said it was able to stop the onslaught and restore its systems hours later. Read more at @AssociatedPress. #JapanAirlines #CyberSecurity #Tech #Technology https://flip.it/mJrcQ-

Fabian Bader (@fabian_bader@infosec.exchange) Attached: 1 image NO-BREAK SPACE unicode characters in the display name are not something your average M365 users use. So better look into #Teams chat messages from those users. #SecurityTip #KQL https://github.com/f-bader/AzSentinelQueries/blob/master/Defender%20XDR/SuspiciousTeamsMessagesBasedOnUnicodeInDisplayName.md

If you allow people outside of your organization to initiate Teams chats with your users, I’d definitely look for this.
#cybersecurity

From: @fabian_bader
https://infosec.exchange/@fabian_bader/113686636768785688

Researchers Crack Microsoft Azure MFA in an Hour

Researchers Crack Microsoft Azure MFA in an Hour

Microsoft Fixes Zero-Day, Critical RCEs in Patch Tuesday The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday - https://mwyr.es/qxoDYhkf #darkreading #infosec #microsoft

Apple Pushes Major iOS, macOS Security Updates Cupertino ships iOS 18.2 and macOS Sequoia 15.2 patches to fix data leakage, sandbox escapes and code exection vulnerabilities.

Apple Pushes Major iOS, macOS Security Updates - https://mwyr.es/WZ8p0eT4 #securityweek #infosec #apple

U.K. cybersecurity chief warns of gap between risks and defenses A warning issued by the new head the United Kingdom's National Cyber Security Centre (NCSC) should be sobering to cybersecurity pros every...

UK's cyber chief warns of a serious gap between cyber threats and defenses. The NCSC reports a threefold increase in serious cyber incidents. jpmellojr.blogspot.com/2024/12/uk-c... #CyberSecurity #CyberThreats #GCHQ #NCSC

New Guidance for Federal AI Procurement Embraces Red Teaming and Other HackerOne Suggestions

https://www.hackerone.com/public-policy/federal-ai-procurement-guidance

#cybersecurity #infosec #security #hacker

A critical vulnerability (CVE-2024-49600) in Dell Power Manager (versions before 3.17) allows local attackers to execute malicious code. Update to version 3.17 or later immediately. No workarounds exist.

The Quiet HTTPS Revolution In a recent post, I explained that the websites I visit on my Chromebook are almost all delivered over HTTPS. Better still, 100% of the…

🔐 In case you missed my thoughts on HTTPS:
https://buff.ly/3Z9euRV

We still have a long way to go before products are secure by design, but let’s not overlook the massive improvements in network security over the past decade. Enjoy that café Wi-Fi and ignore the evil barista hacklore. 😉

Multiple QNAP Vulnerabilities Let Remote Attackers To Compromise The System Remotely QNAP Systems has disclosed multiple critical vulnerabilities affecting its QTS and QuTS hero operating systems.

Multiple QNAP Vulnerabilities Let Remote Attackers To Compromise The System Remotely

How Chinese insiders exploit its surveillance state 'It's a double-edged sword,' security researchers tell The Reg

How Chinese insiders are stealing data scooped up by President Xi's national surveillance system

In the new space race, hackers are hitching a ride into orbit As space exploration rapidly evolves, so do the cybersecurity threats facing spacecraft, satellites, and space-based systems.

Cybersecurity......in......spaaaaaaace! This article parallels a fascinating presentation I attended last month, given by a Cybersecurity professional at NASA/JPL. When your operating environment changes drastically, if affects security drastically as well! www.cnbc.com/2024/11/30/i...

It's that time of year again!